[ale] OT: DNS query (dig) question

Chris Ricker kaboom at gatech.edu
Tue May 11 13:37:02 EDT 2004


On Tue, 11 May 2004, Fulton Green wrote:

> Back in the "nslookup" days, I could do a query on all the registered
> hostnames for a given domain, something akin to:
> 
>    nslookup> ls -d somedomain.com > somedomainhosts.txt
> 
> Now that nslookup is deprecated, I was wondering if there was a similar
> way to perform this type of query, or if this type of query has since
> been deemed a security risk.

"ls -d" did a zone transfer, and as you thought, it is a security risk. Many
sites today restrict who can do a zone transfer, and the ones that don't
probably all should ;-)

If you can find a site which permits zone transfers, you can use dig to pull 
the zone

$ dig @dns_server zone_to_pull axfr

later,
chris



More information about the Ale mailing list